Vulnerability Description
The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linksys | Befsr41 V3 | All versions |
| Linksys | Wrt54G | 2.02.7 |
References
- ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_US_code_beta.zipPatch
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0316.html
- http://archives.neohapsis.com/archives/bugtraq/2004-06/0002.html
- http://archives.neohapsis.com/archives/bugtraq/2004-06/0020.html
- http://archives.neohapsis.com/archives/bugtraq/2004-06/0190.html
- http://secunia.com/advisories/11754PatchVendor Advisory
- http://web.archive.org/web/20040823075750/http://www.linksys.com/download/firmwaPatch
- http://www.nwfusion.com/news/2004/0607confuse.html
- http://www.osvdb.org/6577
- http://www.securityfocus.com/archive/1/365175
- http://www.securityfocus.com/archive/1/365227/30/0/threaded
- http://www.securityfocus.com/bid/10441Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16274
- ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_US_code_beta.zipPatch
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0316.html
FAQ
What is CVE-2004-2606?
CVE-2004-2606 is a vulnerability with a CVSS score of 7.5 (HIGH). The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration spe...
How severe is CVE-2004-2606?
CVE-2004-2606 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2606?
Check the references section above for vendor advisories and patch information. Affected products include: Linksys Befsr41 V3, Linksys Wrt54G.